I'm trying to get passport set up in a RESTful environment and can't quite get the user to get serialized into the session data. Login and signup work great, though.
I'm more or less following the tutorial from scotch.io but I've made some adjustments so it works through a RESTful API.
In a nutshell, this is my server setup:
var express = require("express"); // v 4.8.5
var cookieParser = require("cookie-parser"); // v 1.3.3
var bodyParser = require("body-parser"); // v 1.9.0
var session = require("express-session"); // v 1.8.2
var passport = require("passport"); // v 0.2.1, passport-local is v 1.0.0
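// Server bootstrap: builds the middleware stack, mounts the API router under /api
// and starts listening.
// NOTE(review): morgan, less, secret, publicPath, appBase and cookie_max_age are not
// defined in this excerpt; presumably they are declared elsewhere in the full file.
var app = express();

// Hands the passport instance to the project's own configuration module.
require("./config/Passport")(passport);

app.use( morgan('dev') );

// express-session has read and written its cookie itself since 1.5.0, so cookie-parser
// is optional here. If it stays, it must use the same secret as the session middleware.
app.use( cookieParser(secret) );
app.use( bodyParser.json() );
app.use( bodyParser.urlencoded({extended:true}) );

app.use( session({
    secret: secret,
    resave: true,
    saveUninitialized: true,
    cookie: {
        // The browser sends the session cookie by itself; page scripts never need to
        // read it. httpOnly keeps the session id out of document.cookie, so a script
        // injection bug cannot simply copy it.
        httpOnly: true,
        // Left false because this excerpt serves plain HTTP on port 8088. Switch to
        // true once the app is served over HTTPS, so the id never travels in clear text.
        secure: false,
        maxAge: cookie_max_age
    }
}) );

// Order matters: passport.session() relies on the session middleware registered above.
app.use( passport.initialize() );
app.use( passport.session() );

app.use( less(publicPath, {compiler:{compress:false}}) );
app.use( express.static(publicPath) );

var router = express.Router();
require( appBase + "Routes" )(router, passport);
app.use( '/api', router );

var server = app.listen(8088);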
Now, in my router, I've defined the login route as follows:
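// Login route as posted in the question: authenticates with the "local-login"
// strategy through a custom callback and answers with JSON instead of redirecting.
router.post("/login", function(req, res, next)
{
    passport.authenticate("local-login", function(error, user, info)
    {
        // Strategy/infrastructure failure: hand over to the Express error handler.
        if(error) return next(error);

        // Authentication rejected: report the strategy's message to the client.
        if(!user) return res.send({success:false, message:info.message});

        // With a custom callback Passport does not establish the login session itself.
        // This handler never calls req.logIn(), so the user is not serialized into the
        // session. That is the behaviour the question describes.
        // NOTE(review): the whole user object is sent back as-is. If it carries a
        // password hash or other internal fields, return only the fields the client
        // needs. Confirm against the user model.
        return res.send({success:true, message:"Login successful.", user:user});
    })(req, res, next); // was (request, response, next): names the handler never declares
});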
I'm trying to be brief here, but I've also got console traces in my user serialization and deserialization functions and they're not getting hit. I've also got some logging to show me what's going on with the session variables, and that's pretty much showing nothing as well. There's a passport variable in the cookie info, but it's empty.
I'm guessing that my problem lies in the fact that I'm not using the default mechanism of redirecting that passport is supposed to use by default, but so far I've been unable to figure out what it is exactly. My second guess would be that the cookie and session stuff isn't getting set up properly. The scotch.io tutorial was written for a much older version of express and I've had to make changes to bring everything up to date.
There is no "default mechanism of redirecting", although one is provided for your convenience.
You are using a custom callback, so I suspect the problem is that req.login() is never called; without it, Passport never runs your serializeUser function and nothing is stored in the session. As stated in the documentation:
Note that when using a custom callback, it becomes the application's responsibility to establish a session (by calling
req.login()) and send a response.
So, try it like this:
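// Login route with a custom callback that establishes the session explicitly.
// With a custom callback the application must call req.logIn() itself; that call
// is what stores the user in the session.
router.post("/login", function(req, res, next)
{
    passport.authenticate("local-login", function(error, user, info)
    {
        // Strategy/infrastructure failure: hand over to the Express error handler.
        if(error) return next(error);

        // Authentication rejected. info may be absent when the strategy supplies no
        // message, so guard the property access instead of throwing.
        if(!user) return res.send({success:false, message:info && info.message});

        // NOTE(review): newer Passport releases regenerate the session inside logIn()
        // to counter session fixation; the 0.2.1 release quoted on this page predates
        // that. Consider rotating the session id (req.session.regenerate) before
        // logging in. Confirm against the version in use.
        req.logIn(user, function(err)
        {
            // Check the logIn error itself (err), not the outer authenticate error,
            // so a failure to persist the session is not reported as a success.
            if(err) return next(err);

            // NOTE(review): the whole user object is sent back as-is. If it carries a
            // password hash or other internal fields, return only the fields the
            // client needs. Confirm against the user model.
            return res.send({success:true, message:"Login successful.", user:user});
        });
    })(req, res, next);
});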